New “Stealc” Malware Builds on Prevalent Infostealers

On February 20, 2023, researchers with Sekoia.io reported the technical details of a new infostealer malware advertised for sale as “Stealc” by developers on dark web criminal forums. Context According to the report, “The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars and Redline stealers.”…

Read More

Campaign TypoSquatting PyPI Packages with Malicious Packages Containing Crypto Wallet Replacing Malware

On February 10, 2023, Phylum security researchers reported a resurgence in a previously seen campaign typosquatting legitimate Python PyPI packages with malicious packages to deliver a malware with cryptocurrency wallet clipboard replacing capabilities. Context  In November 2022, Phylum reported a similar campaign “in which threat actors attempted to replace cryptocurrency addresses in developer clipboards with…

Read More

Phishing Campaigns Targeting German and U.S. Organizations with Multiple Malware

On February 8, 2023, Proofpoint researchers reported multiple phishing campaigns targeting organizations in multiple industries in the U.S. and Germany. Context Proofpoint attributes the activity to the likely financially-motivated TA866, which they assess is a new threat group. The campaign is currently active and has been since at least October 2022. Technical Details The emails…

Read More

Prilex POS Malware Targeting Contactless Credit Card Transactions

Context Prilex has been active since at least 2014 and evolved from an automated teller machine (ATM) malware into a POS malware in 2016, primarily targeting Brazilian and South American retailers. In 2022, the malware evolved further, conducting fraudulent “GHOST transactions” using EMV cryptograms generated by payment cards during the payment process. In previous cases,…

Read More

Alleged Chinese Threat Actors Developing Fortinet Zero-Day Exploit for New “BOLDMOVE” Malware Campaign Targeting European and African Organizations

Context On January 19, 2023, Mandiant security researchers published the technical details of malware campaign preparations they’ve reportedly observed since October 2022. Two key points should be noted regarding Mandiant’s assessment: Mandiant has not directly observed exploitation of the vulnerability, or deployment of BOLDMOVE in the wild. Mandiant researchers assess with low confidence that the…

Read More